Recently, computers have become ubiquitous in society, and computer security measures are emphasized. For example, one such measure ensures platform safety by using a tamper-resistant security chip to prevent software tampering.
Techniques enabled by this tamper-resistant security chip include trusted boot. Trusted boot is a technique for verifying the integrity of platform components at device boot time, exploiting the fact that the security chip is hardware that does not permit software tampering. Using trusted boot makes it possible to detect tampering with the platform.
In trusted boot, the components loaded during the boot sequence are measured in order, and the measurement values are recorded in a register in the security chip. This operation starts from a non-rewritable area called the CRTM (Core Root of Trust for Measurement), which normally corresponds to the BIOS boot block, as the root of trust.
In trusted boot, after the measurement processing (acquisition processing), the measurement values recorded in the register of the security chip are compared with expected measurement values prepared in advance.
In trusted boot, the above processing makes it possible to verify the integrity of the source code and essential libraries of the BIOS, boot loader, OS, applications, and so on.
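The measure-extend-compare cycle described above, as an added illustration (not code from the original document): each component in a constructed sample boot chain is hashed in order, the register is updated with a PCR-style extend so earlier measurements cannot be overwritten, and the verifier compares the final value against an expected value prepared in advance, replaying the event log to name the first component that differs. The component names, image bytes and function names are assumptions for the example.

```python
import hashlib

# Constructed sample boot chain: (component name, image bytes). The CRTM is
# the first link; on real hardware it is the non-rewritable BIOS boot block.
GOOD_CHAIN = [
    ("crtm", b"crtm-v1"),
    ("bios", b"bios-v1"),
    ("bootloader", b"bootloader-v1"),
    ("os-kernel", b"kernel-v1"),
]

def measure(image: bytes) -> bytes:
    """Measurement value of one component: a hash of its loaded image."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: the register is only ever updated as H(old || m), so an
    earlier measurement cannot be overwritten, only built upon."""
    return hashlib.sha256(pcr + measurement).digest()

def trusted_boot(chain):
    """Measure components in boot order, extend the PCR after each, and keep
    an event log of (name, measurement) so a verifier can replay it."""
    pcr = bytes(32)  # PCR reset value: all zeros (SHA-256 bank)
    log = []
    for name, image in chain:
        m = measure(image)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log

def replay_log(log) -> bytes:
    """Recompute the PCR from the event log alone (verifier side)."""
    pcr = bytes(32)
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr

def verify(pcr, log, expected_pcr, expected_log) -> str:
    """Compare the recorded PCR with the expected value prepared in advance.
    Returns 'ok', 'log-mismatch' if the log does not reproduce the PCR, or
    the name of the first component whose measurement differs."""
    if replay_log(log) != pcr:
        return "log-mismatch"
    if pcr == expected_pcr:
        return "ok"
    for (name, m), (_, exp) in zip(log, expected_log):
        if m != exp:
            return name
    return "chain-length-mismatch"
```

Because the PCR can only be extended, a tampered component changes every value recorded after it, so a single comparison of the final register catches modification anywhere in the chain.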
Conventionally, a trusted boot technique has been proposed in which a random value is used when recording a measurement value in a PCR (Platform Configuration Register), making it difficult for an attacker to obtain information usable for attacking the platform (for example, see PTL 1).